The stable Postfix release is called postfix-2.6.x where 2=major
release number, 6=minor release number, x=patchlevel. The stable
release never changes except for patches that address bugs or
emergencies. Patches change the patchlevel and the release date.
New features are developed in snapshot releases. These are called
postfix-2.7-yyyymmdd where yyyymmdd is the release date (yyyy=year,
mm=month, dd=day). Patches are never issued for snapshot releases;
instead, a new snapshot is released.
The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.
If you upgrade from Postfix 2.4 or earlier, read RELEASE_NOTES-2.5
before proceeding.
Major changes with Postfix 2.6.15
----------------------------------
This release adds support to turn off the TLSv1.1 and TLSv1.2
protocols. Introduced with OpenSSL version 1.0.1, these are known
to cause inter-operability problems with for example hotmail.
The radical workaround is to temporarily turn off problematic
protocols globally:
/etc/postfix/main.cf:
smtp_tls_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
smtp_tls_mandatory_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
smtpd_tls_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
smtpd_tls_mandatory_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
However, it may be better to temporarily turn off problematic
protocols for broken sites only:
/etc/postfix/main.cf:
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
/etc/postfix/tls_policy:
example.com may protocols=!SSLv2:!TLSv1.1:!TLSv1.2
Important:
- Note the use of ":" instead of comma or space. Also, note that
there is NO space around the "=" in "protocols=".
- The smtp_tls_policy_maps lookup key must match the "next-hop"
destination that is given to the Postfix SMTP client. If you
override the next-hop destination with transport_maps, relayhost,
sender_dependent_relayhost_maps, or otherwise, you need to specify
the same destination for the smtp_tls_policy_maps lookup key.
Incompatibility with Postfix 2.6.8
----------------------------------
Postfix no longer appends the system-supplied default CA certificates
to the lists specified with *_tls_CAfile or with *_tls_CApath. This
prevents third-party certificates from getting mail relay permission
with the permit_tls_all_clientcerts feature.
Unfortunately this change may cause compatibility problems when
configurations rely on certificate verification for other purposes.
Specify "tls_append_default_CA = yes" for backwards compatibility.
Major changes - multi-instance support
--------------------------------------
[Feature 20090121] Support for managing multiple Postfix instances.
This can automatically apply your "postfix start" etc. command to
multiple Postfix instances, including upgrades to new Postfix
versions. Multi-instance support allows you to do the following
and more:
- Simplify post-queue content filter configuration by using separate
Postfix instances before and after the filter. This simplifies
trouble shooting and performance tuning.
- Implement per-user content filters (or no filter) via transport
map lookups instead of content_filter settings. Mail for some
users can be sent directly from the before-filter instance to the
after-filter instance.
- Test new configuration settings (on a different server IP address
or TCP port) without disturbing production instances.
- Each additional Postfix instance uses a few files and directories,
plus memory for an extra master daemon and queue manager. The
pickup daemon is needed only if you use local submission or
"postsuper -r".
Best of all, nothing changes when you use only one Postfix instance.
The MULTI_INSTANCE_README file presents an introduction to
multi-instance management. Multi-instance support is based on an
API that is described in the postfix-wrapper(5) manual page.
Major changes - milter support
------------------------------
[Feature 20090428] The following improvements have been made to the
Milter implementation:
- Improved compatibility of the {mail_addr} and {rcpt_addr} macros.
- Support for the {mail_host}, {mail_mailer}, {rcpt_host} and
{rcpt_mailer} macros.
- Milter applications can now request rejected recipients with the
SMFIP_RCPT_REJ feature. Rejected recipients are reported with
{rcpt_mailer} = "error", {rcpt_host} = enhanced status code, and
{rcpt_addr} = descriptive text. This feature requires "milter_protocol
= 6" or higher (default as of Postfix 2.6).
- Milters can now replace the envelope sender address with the
SMFIR_CHGFROM request, and can add recipients with SMFIR_ADDRCPT_PAR.
These implementations ignore ESMTP command parameters and log a
warning message as follows:
warning: 100B22B3293: cleanup_chg_from: ignoring ESMTP arguments "whatever"
warning: 100B22B3293: cleanup_add_rcpt: ignoring ESMTP arguments "whatever"
[Incompat 20090428] The default milter_protocol setting is increased
from 2 to 6; this enables all available features up to and including
Sendmail 8.14.0. The new milter_protocol setting may break
compatibility with older Milter libraries or applications, and may
cause Postfix to log warning messages such as:
warning: milter inet:host:port: can't read packet header: Unknown error : 0
warning: milter inet:host:port: can't read packet header: Success
warning: milter inet:host:port: can't read SMFIC_DATA reply
packet header: No such file or directory
To restore compatibility, specify "milter_protocol = 2" in main.cf.
Major changes - security
------------------------
[Incompat 20080726] When a mailbox file is not owned by its recipient,
the local and virtual delivery agents now log a warning and defer
delivery. Specify "strict_mailbox_ownership = no" to ignore such
ownership discrepancies.
Major changes - smtp server
---------------------------
[Feature 20080212] check_reverse_client_hostname_access, to make
access decisions based on the unverified client hostname. For
safety reasons an OK result is not allowed.
[Feature 20090210] With "reject_tempfail_action = defer", the Postfix
SMTP server immediately replies with a 4xx status after some temporary
error, instead of executing an implicit "defer_if_permit" action.
[Feature 20090215] The Postfix SMTP server automatically hangs up
after replying with "521". This makes overload handling more
effective. See also RFC 1846 for prior art on this topic.
[Feature 20090228] The Postfix SMTP server maintains a per-session
"improper command pipelining detected" flag. This flag can be tested
at any time with reject_unauth_pipelining, and is raised whenever
a client command is followed by unexpected commands or message
content. The Postfix SMTP server logs the first command pipelining
transgression as "improper command pipelining after from
[]".
[Feature 20090212] Stress-dependent behavior is enabled by default.
Under conditions of overload, smtpd_timeout is reduced from 300s
to 10s, smtpd_hard_error_limit is reduced from 20 to 1, and
smtpd_junk_command_limit is reduced from 100 to 1. This will reduce
the impact of overload for most legitimate mail.
[Feature 20080629] The Postfix SMTP server's SASL authentication
was re-structured. With "smtpd_tls_auth_only = yes", SASL support
is now activated only after a successful TLS handshake. Earlier
Postfix SMTP server versions could complain about unavailable SASL
mechanisms during the plaintext phase of the SMTP protocol.
[Incompat 20080510] In the policy delegation protocol, certificate
common name attributes are now xtext encoded UTF-8. The xtext decoded
attributes may contain any UTF-8 value except non-printable ASCII
characters.
Major changes - performance
---------------------------
[Feature 20090215] The Postfix SMTP server automatically hangs up
after replying with "521". This makes overload handling more
effective. See also RFC 1846 for prior art on this topic.
[Feature 20090212] Stress-dependent behavior is enabled by default.
Under conditions of overload, smtpd_timeout is reduced from 300s
to 10s, smtpd_hard_error_limit is reduced from 20 to 1, and
smtpd_junk_command_limit is reduced from 100 to 1. This will reduce
the negative impact of server overload for most legitimate mail.
[Feature 20090109] Specify "tcp_windowsize = 65535" (or less) to
work around routers with broken TCP window scaling implementations.
This is perhaps more convenient than collecting tcpdump output and
tuning kernel parameters by hand. With Postfix TCP servers (smtpd(8),
qmqpd(8)), this feature is implemented by the Postfix master(8)
daemon.
To change this parameter without stopping Postfix, you need to first
terminate all Postfix TCP servers:
# postconf -e master_service_disable=inet
# postfix reload
This immediately terminates all processes that accept network
connections. Then you enable Postfix TCP servers with the updated
tcp_windowsize setting:
# postconf -e tcp_windowsize=65535 master_service_disable=
# postfix reload
If you skip these steps with a running Postfix system, then the
tcp_windowsize change will work only for Postfix TCP clients (smtp(8),
lmtp(8)).
Of course you can also do "postfix stop" and "postfix start",
but that is more disruptive.
Major changes - tls
-------------------
[Incompat 20090428] The Postfix SMTP client(!) no longer tries to
use the obsolete SSLv2 protocol by default, as this may prevent the
use of modern SSL features. Lack of SSLv2 support should never be
a problem, since SSLv3 was defined in 1996, and TLSv1 in 1999. You
can undo the change by specifying empty main.cf values for
smtp_tls_protocols and lmtp_tls_protocols. The Postfix SMTP server
maintains SSLv2 support for backwards compatibility with ancient
clients.
[Feature 20081010] Controls for the protocols and ciphers that
Postfix will use with opportunistic TLS. The smtp_tls_protocols,
smtp_tls_ciphers, and equivalent parameters for lmtp and smtpd
provide global settings; the SMTP client TLS policy table provides
ciphers and protocols settings for specific peers. Code by Victor
Duchovni. Details are given in the TLS_README and postconf(5)
documents.
[Feature 20081108] Elliptic curve support. This requires OpenSSL
version 0.9.9 or later.
Major changes - address verification
------------------------------------
[Incompat 20080428] Postfix SMTP server replies for address
verification have changed. unverified_recipient_reject_code and
unverified_sender_reject_code now handle "5XX" rejects only. The
"4XX" rejects are now controlled with unverified_sender_defer_code
and unverified_recipient_defer_code.
[Feature 20080428] Finer control over the way Postfix reports address
verification failures to remote SMTP clients.
- unverified_sender/recipient_defer_code: the numerical Postfix
SMTP server reply code when address verification failed due
to some temporary error.
- unverified_sender/recipient_reject_reason: fixed text that Postfix
will send to the remote SMTP client, instead of sending actual
address verification details.
Major changes - dsn
-------------------
[Feature 20090307] New "lmtp_assume_final = yes" flag to send correct
DSN "success" notifications when LMTP delivery is "final" as opposed
to delivery into a content filter.
Major changes - file organization
---------------------------------
[Incompat 20080207] According to discussions on the mailing list,
too many people are breaking newly installed Postfix by overwriting
the new /etc/postfix files with versions from an older release, and
end up with a broken configuration that cannot repair itself. For
this reason, postfix-script, postfix-files and post-install are
moved away from /etc/postfix to $daemon_directory.
Major changes - header rewriting
--------------------------------
[Incompat 20090330] Postfix now adds (Resent-) From:, Date:,
Message-ID: or To: headers only when clients match
$local_header_rewrite_clients. Specify "always_add_missing_headers
= yes" for backwards compatibility. Adding such headers can break
DKIM signatures that cover headers that are not present. For
compatibility with existing logfile processing software, Postfix
will log ``message-id=<>'' for messages without Message-Id header.
Major changes - lmtp client
---------------------------
[Feature 20090307] New "lmtp_assume_final = yes" flag to send correct
DSN "success" notifications when LMTP delivery is "final" as opposed
to delivery into a content filter.
Major changes - logging
-----------------------
[Incompat 20090330] Postfix now adds (Resent-) From:, Date:,
Message-ID: or To: headers only when clients match
$local_header_rewrite_clients. Specify "always_add_missing_headers
= yes" for backwards compatibility. Adding such headers can break
DKIM signatures that cover headers that are not present.
This changes the appearance of Postfix logging: to preserve
compatibility with existing logfile processing software, Postfix
will log ``message-id=<>'' for messages without Message-Id header.
Major changes - mime
--------------------
[Feature 20080324] When the "postmap -q -" command reads lookup
keys from standard input, it now understands RFC822 and MIME message
format. Specify -h or -b to use headers or body lines as lookup
keys, and specify -hm or -bm to simulate header_checks or body_checks.
Major changes - miscellaneous
-----------------------------
[Feature 20090109] Support to selectively disable master(8) listener
ports by service type or by service name + type. Specify a list of
service types ("inet", "unix", "fifo", or "pass") or "name.type"
tuples, where "name" is the first field of a master.cf entry and
"type" is a service type. Examples: to turn off the main SMTP
listener port, use "master_service_disable = smtp.inet"; to turn
off all TCP/IP listeners, use "master_service_disable = inet".
Changing this parameter requires "postfix reload".
Major changes - sasl
--------------------
[Feature 20090418] The Postfix SMTP server passes more information
to the Dovecot authentication server: the "TLS is active" flag, the
server IP address, and the client IP address.
[Feature 20080629] The Postfix SMTP server's SASL authentication
was re-structured. With "smtpd_tls_auth_only = yes", SASL support
is now activated only after a successful TLS handshake. Earlier
Postfix SMTP server versions could complain about unavailable SASL
mechanisms during the plaintext phase of the SMTP protocol.